<?php
class xl_admin{
    function test_admin_name($admin_name){
        global $dbh;
        $sql='SELECT admin_name FROM admin WHERE admin_name=:admin_name';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':admin_name'=>$admin_name));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function test_account($account){
        global $dbh;
        $sql='SELECT account FROM admin WHERE account=:account';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':account'=>$account));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function test_email($email){
        global $dbh;
        $sql='SELECT email FROM admin WHERE email=:email';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function insert($data){
        global $dbh;
        $sql='INSERT INTO admin(account,password,password_confirmed,admin_name,email,status,position,day_time) 
        VALUE (:account,:password,:password_confirmed,:admin_name,:email,:status,:position,:day_time)';
        $sth=$dbh->prepare($sql);
        $sth->execute($data);
        return $sth;
    }
    function read(){
        global $dbh;
        $sql='SELECT * FROM admin ORDER BY id DESC';
        $sth=$dbh->prepare($sql);
        $sth->execute();
        return $sth->fetchAll();
    }
    function read_temp($email){
        global $dbh;
        $sql='SELECT id,email,admin_name FROM admin WHERE email=:email LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function read_id($id){
        global $dbh;
        $sql='SELECT * FROM admin WHERE id=:id LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function read_email($email){
        global $dbh;
        $sql='SELECT * FROM admin WHERE email=:email LIMIT 0,1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function update_status($id){
        global $dbh;
        $sql='UPDATE admin SET status=1-status WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth;
    }
    function update($data){
        global $dbh;
        $sql='UPDATE admin SET password=:password_new,password_confirmed=:password_confirmed,day_time=:day_time WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute($data);
        return $sth;
    }
    function reset_pass($data){
        global $dbh;
        $sql='UPDATE admin SET password=:temporary_password,password_confirmed=:temporary_password,day_time=:day_time WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute($data);
        return $sth;
    }
    function delete_all($id){
        global $dbh;
        $sql='SELECT * FROM admin WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function delete($id){
        global $dbh;
        $sql='DELETE FROM admin WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth;
    }
    function login($email,$pass){
        global $dbh;
        $pass=md5($email.md5($pass));
        $sql='SELECT * FROM admin WHERE email=:email AND password=:pass';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':email'=>$email,':pass'=>$pass));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function update_time($id){
        global $dbh;
        $sql='UPDATE admin SET time_login_last=now() WHERE id=:id';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id'=>$id));
        return $sth;
    }
    function dirToArray($dir)
    {
        global $dt_xl_admin;
        $result = array(); 
        $cdir = scandir($dir); 
        foreach ($cdir as $key => $value) { 
          if (!in_array($value,array('..', '.','.htaccess','index.html','ini.php','templates','templates_c','classes','layout'))){ 
             if (is_dir($dir .DIRECTORY_SEPARATOR. $value)){ 
                $result[$value] = $dt_xl_admin->dirToArray($dir.DIRECTORY_SEPARATOR.$value); 
             } else { 
                $result[] = $value; 
             } 
          } 
        } 
        return $result; 
    } 
    function read_id_decentralization($id_admin){
        global $dbh;
        $sql='SELECT * FROM decentralization WHERE id_admin=:id_admin';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id_admin'=>$id_admin));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function insert_decentralization($id_admin,$file_folder){
        global $dbh;
        $sql='INSERT INTO decentralization(id_admin,file_folder) VALUE(:id_admin,:file_folder) ';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id_admin'=>$id_admin,':file_folder'=>$file_folder));
        return $sth;
    }
    function save_decentralization($id_admin){
        global $dbh;
        $sql='SELECT file_folder FROM decentralization WHERE id_admin=:id_admin';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id_admin'=>$id_admin));
        return $sth->fetchAll(PDO::FETCH_COLUMN);
    }
    function delete_decentralization($id_admin){
        global $dbh;
        $sql='DELETE FROM decentralization WHERE id_admin=:id_admin';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id_admin'=>$id_admin));
        return $sth;
    }
    function handling_decentralization($id_admin,$file_folder){
        global $dbh;
        $sql='SELECT * FROM decentralization WHERE id_admin=:id_admin AND file_folder=:file_folder LIMIT 1';
        $sth=$dbh->prepare($sql);
        $sth->execute(array(':id_admin'=>$id_admin,':file_folder'=>$file_folder));
        return $sth->fetch(PDO::FETCH_ASSOC);
    }
    function vn_str_filter($str) {
    	$str = preg_replace("/(à|á|ạ|ả|ã|â|ầ|ấ|ậ|ẩ|ẫ|ă|ằ|ắ|ặ|ẳ|ẵ)/", 'a', $str);
    	$str = preg_replace("/(è|é|ẹ|ẻ|ẽ|ê|ề|ế|ệ|ể|ễ)/", 'e', $str);
    	$str = preg_replace("/(ì|í|ị|ỉ|ĩ)/", 'i', $str);
    	$str = preg_replace("/(ò|ó|ọ|ỏ|õ|ô|ồ|ố|ộ|ổ|ỗ|ơ|ờ|ớ|ợ|ở|ỡ)/", 'o', $str);
    	$str = preg_replace("/(ù|ú|ụ|ủ|ũ|ư|ừ|ứ|ự|ử|ữ)/", 'u', $str);
    	$str = preg_replace("/(ỳ|ý|ỵ|ỷ|ỹ)/", 'y', $str);
    	$str = preg_replace("/(đ)/", 'd', $str);
    	$str = preg_replace("/(À|Á|Ạ|Ả|Ã|Â|Ầ|Ấ|Ậ|Ẩ|Ẫ|Ă|Ằ|Ắ|Ặ|Ẳ|Ẵ)/", 'A', $str);
    	$str = preg_replace("/(È|É|Ẹ|Ẻ|Ẽ|Ê|Ề|Ế|Ệ|Ể|Ễ)/", 'E', $str);
    	$str = preg_replace("/(Ì|Í|Ị|Ỉ|Ĩ)/", 'I', $str);
    	$str = preg_replace("/(Ò|Ó|Ọ|Ỏ|Õ|Ô|Ồ|Ố|Ộ|Ổ|Ỗ|Ơ|Ờ|Ớ|Ợ|Ở|Ỡ)/", 'O', $str);
    	$str = preg_replace("/(Ù|Ú|Ụ|Ủ|Ũ|Ư|Ừ|Ứ|Ự|Ử|Ữ)/", 'U', $str);
    	$str = preg_replace("/(Ỳ|Ý|Ỵ|Ỷ|Ỹ)/", 'Y', $str);
    	$str = preg_replace("/(Đ)/", 'D', $str);
    	$str = str_replace(" ", "-", str_replace("&*#39;","",$str));
    	$str = str_replace("/", "-", $str);
        $str=strtolower(preg_replace(array('/[^a-zA-Z0-9 -]/', '/[ -]+/', '/^-|-$/'),array('', '-', ''),$str));
    	return $str;
     }
    function xss_clean($data)
    {
        // Fix &entity\n;
        $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
        $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data);
        $data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
        $data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');

        // Remove any attribute starting with "on" or xmlns
        $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);

        // Remove javascript: and vbscript: protocols
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
        $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);

        // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
        $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);

        // Remove namespaced elements (we do not need them)
        $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);

        do
        {
                // Remove really unwanted tags
                $old_data = $data;
                $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
        }
        while ($old_data !== $data);

        // we are done...
        if(get_magic_quotes_gpc()){
            $data = stripslashes($data);
        }
        $data = strip_tags(str_replace(array("alert(\'","\');",), array('',''),$data));
        return $data;
    }
    /**
     * Loại bỏ ký tự đặc biệt của ID
     * Fix bug sql injection
     * @param integer $Numeric
     * @return integer
     */
    public function removeSQLI($Numeric){
        $strNumeric = preg_replace('/\D/', '', $Numeric);
        if($strNumeric != 0){
            return $strNumeric;
        }else{
            return false;
        }
    }
    
    /**
     * Loại bỏ thẻ html
     * Fix bug XSS
     * @param string $Numeric
     * @return string
     */
    public function cleanXSS($string){
        if(get_magic_quotes_gpc()){
            $string = stripslashes($string);
        }
        $string = mysql_real_escape_string($string);
        $string = strip_tags(str_replace(array("alert(\'","\');",), array('',''),$string));
        return $string;
    }
}